Coverity static analysis for C, C++ and Java code
james.hunt at ubuntu.com
Wed Apr 10 13:39:41 UTC 2013
On 10/04/13 13:41, Loïc Minier wrote:
> On Mon, Apr 08, 2013, James Hunt wrote:
>> We're already using it for critical packages including Upstart and
>> Whoopsie , but it would be great to expand its scope to make it use
>> the norm rather than the exception.
> Cool! How did you hook it up to the Upstart sources though?
I haven't done that yet - currently a slightly manual process but looking at
ways to automate further (starting with a daily cron :) Ideally, I'd like to
have all MP's scanned.
> time, or e.g. from some Jenkins job pushing the latest version daily?
> Does this scan the Ubuntu branch of Upstart, the upstream one or both?
I do both.
> Would it be ok license-wise and hard for us to do this at a larger
> scale; e.g. have some kind of daily job that pushes the latest Ubuntu
> source packages from a set to be tested?
I don't know. Coverity seemed to have relaxed the restriction that the
individual that requests Coverity scans for a project be the "project owner". If
you look at the "Role with the Project" option on , there are now 6 values
including "other". I'll contact them and see if it might be possible...
 - http://scan.coverity.com/project_register.html
#upstart on freenode
More information about the ubuntu-devel